<?php
/* Status Codes
 * 0 - password verification needed
 * 1 - OK
 * 2 - suspended for illegal activity
*/

Class LoginControl {
	private $mysqllink;
	
	public function Initialize() {
		$this->StartSession();
    if(isset($_SESSION['user']) && !empty($_SESSION['user'])) {
      //@header('Location: ../');
      echo "<h4>User already logged in! Please logout and login again!</h4>";
      exit;
    }
		if(!isset($_POST['user'])) {
			$this->ShowLogin();
			return false;
		}	else return true;	
	}
	
	public function ValidateLogin($user, $pass) {
		require("../../conf/database.conf.php");
		$QUERY = "SELECT id, fullname, password, root_dir, status, storagelimit FROM indexer_users WHERE username='";
    $UPDATE_LOGIN_TIME_QUERY = "UPDATE indexer_users SET last_login_on = NOW() WHERE id=";
		$this->mysqllink = mysql_connect($HOSTNAME, $USERNAME, $PASSWORD);
		if(!$this->mysqllink) {
			$this->ShowLogin("Unable to Connect to Sql Server! Please contact Admin!");
			return false;
		}
		$selecteddb = mysql_select_db($DB);
		if(!$selecteddb) {
			$this->ShowLogin("No such database! Please contact Admin!");
      mysql_close($this->mysqllink);
			return false;
		}
		if($result = mysql_query($QUERY.strtolower($user)."'")) {
			if($sqlarray = mysql_fetch_array($result)) {
				if(strcmp($sqlarray['password'], md5($pass)) == 0) {
          $__status = intval($sqlarray['status']);
          if($__status == 0) {
            session_regenerate_id();
            session_destroy();
            $this->ShowLogin("Account activation not done. Please check your email.");
            return false;
          }
          elseif($__status == 2) {
            session_regenerate_id();
            session_destroy();
            $this->ShowLogin("Account suspended. Please contact administrator.");
            return false;
          }
					$_SESSION['user'] = $user;
          $_SESSION['fullname'] = $sqlarray['fullname'];
					$_SESSION['dir'] = $sqlarray['root_dir'];
          $_SESSION['storagelimit'] = intval($sqlarray['storagelimit']);
          $_SESSION['usage'] = 0;
          mysql_query($UPDATE_LOGIN_TIME_QUERY.$sqlarray['id']);
          mysql_close($this->mysqllink);
          @header("Location: ../../");
				  return;
				} else {
          $this->ShowLogin("Passwords doesn't match!");
          mysql_close($this->mysqllink);
					return false;
				}
			}	else {
				$this->ShowLogin("No such user!");
        mysql_close($this->mysqllink);
				return false;
			}
		}	else {
			$this->ShowLogin("Unable to process login request! Contact Admin!");
      mysql_close($this->mysqllink);
			return false;
		}
	}	
		
	private function ShowLogin($Error = '') {
		require_once("../../templates/login.template.php");
		return;
	}
	
	private function StartSession($DestroyPrevious = false) {
		session_start();
		if($DestroyPrevious) session_regenerate_id(true);
		return;
	}
	
	private function EndSession() {
		session_regenerate_id(true);
		session_destroy();
	}
}

//Execution
$mylogin=new LoginControl;
if($mylogin->Initialize())
$mylogin->ValidateLogin($_POST['user'], $_POST['pass']);
?>
